[Emerging-updates] Daily Ruleset Update Summary 2016/11/14

Francis Trudeau ftrudeau at emergingthreats.net
Mon Nov 14 18:02:47 EST 2016


 [***] Summary: [***]

 4 new Open signatures, 22 new Pro (4 + 18).  XRatLocker/AiraCrop,
(?:Hidden-|Cerber)(?:Tear)?, Alcatrez, Unk.CoinMiner.

 [+++]          Added rules:          [+++]

 Open:

  2023503 - ET TROJAN XRatLocker/AiraCrop Ransomware Payment Domain (trojan.rules)
  2023504 - ET TROJAN XRatLocker/AiraCrop Ransomware Payment Domain (trojan.rules)
  2023505 - ET TROJAN CerberTear Ransomware CnC Checkin (trojan.rules)
  2023506 - ET TROJAN MSIL/Alcatrez Locker Ransomware CnC Checkin (trojan.rules)

 Pro:

  2823235 - ETPRO TROJAN HappyLocker Ransomware CnC Checkin (trojan.rules)
  2823236 - ETPRO TROJAN Win32/Rahkni Ransomware CnC Checkin (trojan.rules)
  2823237 - ETPRO TROJAN Win32/AutoLocky Ransomware CnC Checkin (trojan.rules)
  2823238 - ETPRO TROJAN MotoxLocker Ransomware CnC Checkin (trojan.rules)
  2823239 - ETPRO TROJAN CuteRansomware CnC Activity (trojan.rules)
  2823240 - ETPRO TROJAN Magic Ransomware CnC Checkin (trojan.rules)
  2823241 - ETPRO TROJAN Shark/Atom Ransomware CnC Checkin (trojan.rules)
  2823242 - ETPRO TROJAN Cryptus Ransomware CnC Checkin (trojan.rules)
  2823243 - ETPRO TROJAN Observed Malicious Ransomware SSL Cert (WickedLocker) (trojan.rules)
  2823244 - ETPRO TROJAN Observed Malicious Ransomware Domain SSL Cert in SNI (Hidden-Tear Variant) (trojan.rules)
  2823245 - ETPRO TROJAN Observed Malicious Ransomware Domain SSL Cert in SNI (Hidden-Tear Variant) (trojan.rules)
  2823246 - ETPRO TROJAN MSIL/Unk.CoinMiner CnC Checkin (trojan.rules)
  2823247 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS Nov 14 2016 (current_events.rules)
  2823248 - ETPRO TROJAN Win32/Downware CnC SSL Certificate Detected (trojan.rules)
  2823249 - ETPRO TROJAN Ransomware/Cerber Onion Domain Lookup (trojan.rules)
  2823250 - ETPRO TROJAN KryptoLocker Ransomware CnC Checkin (trojan.rules)
  2823251 - ETPRO CURRENT_EVENTS Malicious JS to PS Dropping PE Nov 14 (current_events.rules)
  2823252 - ETPRO TROJAN YafunnLocker Ransomware CnC Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2820192 - ETPRO TROJAN Win32/PaySafeCrypt Ransomware .onion Proxy Domain (trojan.rules)

